Overview#Cryptographic Module Validation Program (CMVP) is a NIST program that validates cryptographic modules to Federal Information Processing Standards (FIPS 140), Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards.
FIPS 140-2, Security Requirements for Cryptographic Modules, was released on May 25, 2001 and supersedes FIPS 140-1. The CMVP is a joint effort between NIST and Canada's Communications Security Establishment (CSE).
Vendors of cryptographic modules use independent, accredited Cryptographic and Security Testing (CST) laboratories to test their modules. The CST laboratories use the Derived Test Requirements (DTR), Implementation Guidance (IG) and applicable CMVP programmatic guidance to test cryptographic modules against the applicable standards. NIST's Computer Security Division (CSD) and CSE jointly serve as the Validation Authorities for the program, validating the test results and issuing certificates.